How long should I fuzz my API?

Hello, I am trying out Mayhem for API. Quick question for you. How long should I fuzz my API?

Hi Daniel, welcome to the community! In our documentation, we recommend fuzzing your targets for a minimum of 60 seconds. However, it depends a lot on what you want to get out of your testing. For example, fuzzing runs as checks for code commits can run in under a minute, but if you want to do large scale stress testing, you might want to fuzz for longer. Additionally, if you are only fuzzing a few endpoints on your API (recommended for targeted results), you will get more results for those endpoints than you would if you fuzzed for the same amount of time on the entire API with, say, 50+ endpoints. We recommend focusing your efforts to a few endpoints, fuzzing for at least 60 seconds (more if you can afford it), and using well-documented API specifications to ensure thorough and high-quality results.

1 Like